Login Providers
YData Fabric offers a flexible and secure authentication system, allowing users to log in using a variety of trusted identity providers. This technical documentation provides a comprehensive guide to configuring and managing login providers for YData Fabric, including Google, Microsoft, and Amazon Cognito. By leveraging these providers, users can benefit from seamless and secure access to YData Fabric, ensuring a smooth and efficient user experience.
Google
- Open the Google Cloud Console.
- At the top-left, click Menu>APIs & Services>Credentials.
- Click Create Credentials>OAuth client ID.
- Click Application type>Web application.
- In the "Name" field, type a name for the credential. This name is only shown in the Cloud Console.
- Leave the “Authorized JavaScript origins” empty. Add a new “Authorized redirect URIs” entry with the platform endpoint followed by the suffix */dex/callback*. For the provided example:
- Click “Create”
- Save the following credentials:
  - a. Client ID: the Client ID for the Web Application
  - b. Client Secret: the Client Secret for the Web Application
  - c. APP Hosted domain: Google supports whitelisting allowed domains when using G Suite. For example, for a company with emails like person@example.com, the APP Hosted domain is example.com
- Use the credentials as inputs for YData Fabric.
You can find more details in Google's official documentation.
Microsoft
- Open the Azure Portal
- Go to “Entra ID”
- Click “App registrations”
- Click “New registration”
- Choose a name
- For the supported account types, choose the option most appropriate for you.
- For the Redirect URI, choose “Web” and fill it with the platform endpoint followed by the suffix */dex/callback*. For the provided example:
- Click “Register”
- Go to “Certificates & Secrets”, generate a new secret and save the value (not the secret id). Please choose a distant expiration date. This value cannot be changed after the installation of the platform.
- Go to “Overview” and save the following credentials:
  - a. Client ID: the Application (client) ID
  - b. Client Secret: the secret generated in step 9 (not the secret id).
  - c. Tenant ID: the Directory (tenant) ID
- Use the credentials as inputs for YData Fabric.
Consent workflow
The admin consent workflow must be configured so that you can access the platform using the app registered above.
- Open the Azure Portal
- Go to “Azure Active Directory”
- Click “Enterprise applications”
- Open the “Consent and permissions” page → “User consent settings”
- Check with the AD administrator whether an administrator is required to log in to the app, or whether all users can consent to apps.
Give access only to a set of users and/or groups
- To give access only to a set of users or groups, open your app and click the link “Managed application in local directory” on the right side:
- Then, click “Properties” and enable “Assignment required”
- To add users and/or groups, go to “Users and Groups” and click “Add user/group”.
With the above steps, only the users and groups listed here can access YData Fabric. For more information check Microsoft's official documentation for Microsoft identity platform and Microsoft Entra.
AWS Cognito
- Go to the Amazon Cognito console. If prompted, enter your AWS credentials.
- Choose User Pools. Create a new User Pool.
- The settings in the “Configure security requirements”, “Configure sign-up experience” and “Configure message delivery” tabs are up to you; you can also leave the defaults.
- In “Integrate your app”, set the attributes as follows:
  - “User Pool Name”: a name of your choice
  - Tick the “Use the Cognito Hosted UI” check box.
  - “Domain type”: you can use a Cognito domain or a custom domain.
  - “Initial app client”: choose “Public client” and set an “App client name”
  - For “Client secret”, choose “Generate a client secret”
  - In “Allowed callback URLs”, set your callback URL to the platform endpoint followed by the suffix */dex/callback*. For the provided example:
  - In the “Advanced app client settings” → “Authentication flows” step, choose “ALLOW_USER_PASSWORD_AUTH”
  - For the “OpenID Connect scopes”, choose “Email”, “OpenID” and “Profile”.
- Review your settings, and “Create User Pool”.
- Click your new user pool, go to the “App integration” tab and “App clients and analytics”.
- Copy and save the Client ID and Client secret.
- For the “Issuer URL”, open https://cognito-idp.[region].amazonaws.com/[user_pool_id]/.well-known/openid-configuration, then copy and save the “issuer” URL.
- Use these credentials as inputs for YData Fabric.
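
A pre-flight check for the values collected in the steps above, as an added example (not part of YData Fabric or its documentation): it builds the exact callback URL to register and validates a saved openid-configuration document against the expected issuer. The function names, the HTTPS requirement on the platform endpoint, and all sample values are assumptions made for this example; the same */dex/callback* suffix applies to the other providers on this page.

```python
from urllib.parse import urlsplit

CALLBACK_SUFFIX = "/dex/callback"                 # suffix given on this page
REQUIRED_SCOPES = {"openid", "email", "profile"}  # scopes chosen for the app client


def callback_url(platform_endpoint):
    """Return the exact redirect URI to register for a platform endpoint."""
    parts = urlsplit(platform_endpoint.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("platform endpoint must be an https:// URL (assumption)")
    if parts.username or parts.query or parts.fragment:
        raise ValueError("platform endpoint must not carry userinfo, query or fragment")
    return f"https://{parts.netloc.lower()}{parts.path.rstrip('/')}{CALLBACK_SUFFIX}"


def check_discovery(doc, region, user_pool_id):
    """Return a list of problems found in a Cognito openid-configuration document."""
    expected = f"https://cognito-idp.{region}.amazonaws.com/{user_pool_id}"
    problems = []
    issuer = doc.get("issuer", "")
    if issuer != expected:  # issuers are compared as exact strings, trailing slash included
        problems.append(f"issuer is {issuer!r}, expected {expected!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(doc.get(key, "")).scheme != "https":
            problems.append(f"{key} is missing or not https")
    if not doc.get("jwks_uri", "").startswith(expected + "/"):
        problems.append("jwks_uri is not under the expected issuer")
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported", []))
    if missing:
        problems.append("scopes not offered: " + ", ".join(sorted(missing)))
    return problems


# Constructed sample values, not taken from a real deployment.
SAMPLE_DOC = {
    "issuer": "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE123",
    "authorization_endpoint": "https://fabric-demo.auth.eu-west-1.amazoncognito.com/oauth2/authorize",
    "token_endpoint": "https://fabric-demo.auth.eu-west-1.amazoncognito.com/oauth2/token",
    "jwks_uri": "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE123/.well-known/jwks.json",
    "scopes_supported": ["openid", "email", "phone", "profile"],
}

if __name__ == "__main__":
    print(callback_url("https://fabric.example.com/"))
    print(check_discovery(SAMPLE_DOC, "eu-west-1", "eu-west-1_EXAMPLE123") or "discovery document OK")
```
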
Adding new users
- Go to the Cognito service.
- Click the YData platform Cognito user pool.
- Go to the Users tab
- Click Create user
- Create the users:
- The user will receive an e-mail with the temporary credentials.
For more information check Amazon's Cognito official documentation on user pools and user pool app client.
GitHub
- Go to the GitHub OAuth Application page. If prompted, enter your GitHub credentials.
- For the “Application Name”, choose anything.
- For the “Homepage URL” and “Authorization callback URL”, fill in the platform endpoint and the platform endpoint followed by the suffix */dex/callback*, respectively. For the provided example:
- Open your new APP and generate a new secret
- Save the Client ID and Client secret
- For the org, use your GitHub organization name.
Finally, use these credentials as inputs to log in to YData Fabric. For more information check GitHub's official login documentation.